On Fri, Nov 05, 2004 at 11:33:25PM -0500, Rick Sutphin said:
> I have ClamAV 0.80 installed on Debian 3.0 using the backports.org
> package. My MTA is Exim. ClamAV is being called from procmail using
> clamscan-procfilter. I would like to have ClamAV log its activity;
> i.e. what mail it scanned and what viruses have been found if any. If
> this is possible, are there any utilities that will parse the log file
> and generate reports?

I have seen a bunch of home-rolled ones for parsing clam logs - this is
the one I use here. It depends on a perl module I wrote, so just replace:

    my $FH = open_log_file("$clam_log");

with a standard

    open(FILE,$clam_log) or die "couldn't open $clam_log: $!" ;

and:

    while(<$FH>) {

with:

    while(<FILE>) {

and comment or remove the

    use linuxforce::open_log_file;

HTH,
--
Stephen Gran | [EMAIL PROTECTED] | http://www.lobefin.net/~steve
TRANSACTION CANCELLED - FARECARD RETURNED

#!/usr/bin/perl
use strict;
# linuxforce::open_log_file is the poster's own module; the message above
# explains how to swap it for a plain open().
use linuxforce::open_log_file;

my ($last, $total, $errors, $quiet, $clam_log, $start_date, $end_date) = (0,0,0,0,0,0,0);
my %virii;

# -q suppresses the per-virus breakdown; any argument that names an
# existing file is used as the log to read.
for my $arg (@ARGV) {
    $quiet = 1 if ($arg =~ /^-q/);
    $clam_log = $arg if (-f "$arg");
}
$clam_log = "/var/log/clamav/clamav.log.1" unless ($clam_log);

my $FH = open_log_file("$clam_log");
while (<$FH>) {
    chomp;
    # Keep the first and last lines so the reporting period can be printed.
    $start_date = $_ unless ($start_date);
    $end_date = $_;
    if ($_ =~ /FOUND/) {
        # Field 7 holds the virus name in this log layout.
        my @fields = split /\s+/, $_;
        $virii{$fields[7]} += 1;
        $total++;
    }
    if ($_ =~ /ERROR/) {
        $errors++;
    }
}
close $FH;

# Reduce a raw log line to "month day year".
sub split_date {
    my $raw_line = shift;
    my @line = split /\s+/, $raw_line;
    return "$line[1] $line[2] $line[4]";
}

$start_date = split_date($start_date);
$end_date = split_date($end_date);

if ($total > 0) {
    print "Total virii detected by ClamAV between $start_date and $end_date: $total\n";
} else {
    print "No virii detected by ClamAV between $start_date and $end_date\n";
}
print "Total errors in ClamAV in this period: $errors\n" if ($errors > 0);

# Per-virus counts, highest first; names with equal counts are printed together.
if ($quiet == 0) {
    my @sorted = sort { $b <=> $a } (values %virii);
    for my $value (@sorted) {
        next if ($last == $value);
        for my $key (keys %virii) {
            print " $virii{$key}\t$key\n" if ($virii{$key} == $value);
        }
        $last = $value;
    }
}
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
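
The script above takes the virus name from whitespace field 7 and counts any line containing FOUND, so a scanned file whose name contains a space or the word FOUND skews the report. The following is an added example, not part of the original post or of ClamAV, that anchors the match on the end of the line instead; the log layout and all sample lines are constructed, inferred from the field positions the posted script uses.

```perl
#!/usr/bin/perl
# Added example (not the poster's code): regex-anchored ClamAV log summary.
use strict;
use warnings;

# Constructed sample lines; layout assumed from the posted script's fields.
my @sample = (
    'Fri Nov  5 23:33:25 2004 -> /var/spool/scan/msg1: Worm.Example.A FOUND',
    'Fri Nov  5 23:40:02 2004 -> /var/spool/scan/my invoice.zip: Worm.Example.A FOUND',
    'Sat Nov  6 00:01:10 2004 -> /var/spool/scan/msg3: Trojan.Example.B FOUND',
    'Sat Nov  6 00:02:00 2004 -> ERROR: could not scan /var/spool/scan/msg4',
    'Sat Nov  6 00:03:00 2004 -> /var/spool/scan/LOST AND FOUND.txt: OK',
);

# Returns (\%count_by_signature, $errors, $first_date, $last_date).
sub summarize {
    my @lines = @_;
    my (%count, $first, $last);
    my $errors = 0;
    for my $line (@lines) {
        # Skip anything without the assumed "Day Mon D HH:MM:SS YYYY -> " prefix.
        next unless $line =~ /^\w{3} (\w{3})\s+(\d+) [\d:]+ (\d{4}) -> (.*)$/;
        my ($date, $rest) = ("$1 $2 $3", $4);
        $first //= $date;
        $last = $date;
        # The signature is the last token before a trailing FOUND, after the
        # final ": ", so spaces or "FOUND" inside the file name are harmless.
        if ($rest =~ /^.*: (\S+) FOUND$/) {
            $count{$1}++;
        } elsif ($rest =~ /ERROR/) {    # same loose ERROR test as the posted script
            $errors++;
        }
    }
    return (\%count, $errors, $first, $last);
}

# Read the log named on the command line, or fall back to the sample lines.
my @lines = @sample;
if (@ARGV) {
    open(my $fh, '<', $ARGV[0]) or die "couldn't open $ARGV[0]: $!";
    chomp(@lines = <$fh>);
    close $fh;
}

my ($count, $errors, $first, $last) = summarize(@lines);
printf "Detections between %s and %s:\n", $first // 'n/a', $last // 'n/a';
for my $sig (sort { $count->{$b} <=> $count->{$a} || $a cmp $b } keys %$count) {
    print " $count->{$sig}\t$sig\n";
}
print "Errors: $errors\n";
```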